Nebula Admin Integration with Flex H Series devices

Ratsnackbar

I'd like to request this as one of the next items the ZYXEL team integrates between the Flex H Series devices and Nebula.

Best practices are to always have every user login be unique to the user and never use shared accounts.

Currently when you connect an H Series device are linked to Nebula and then launch it's On-Prem interface, you login by default using the local admin account and password.

It would be better to have the Nebula accounts defined as administrators for that devices SITE (and if possible their MFA) kept in sync with the On-Prem interface.

The way it is now adds administrative overhead and complicates MFA. Currently to enforce individual user logins the owner/admin needs to login to each H Series device and add each of their administrators individual accounts. Each of those admins will then have quite a few different entries in their Authentication application. One for Nebula and a separate one for every H Series device.

By keeping them in sync, if there is then a need to login to the devices GUI locally or via the ZON application, the user just needs to remember their own login they would use for nebula and use the same MFA mechanism.

It would also be a good idea to sync the ZON utility so that it takes its security queue's from the H Series device and can enforce the same MFA method if that is at all possible.

Thanks!

Zyxel_Ivan

Hi @Ratsnackbar,

Thanks for sharing your idea with us.

Before I raising your idea with the team, I'd like to check with you:

1. You want to suggest we can allow Org's admin to use their acount and password as local GUI's account and password as default?
2. Can you share with us how many admins do you have in your Org?

Thanks.

Ivan

Ratsnackbar

1. We'd like any admin defined for a particular site in Nebula to have their login and mfa kept in sync with the HSeries local admins so that we can manage all administrators via Nebula as singular entities rather than having to create them for every H Series router. A adminsitrator defined in Nebula as an organizational level administrator should be added to every H Series device by default. Changes to those accounts and removals should be kept in sync. MFA should ideally be the same for each. Site administrators from Nebula should only be added to the H Series routers defined for those sites.
2. We currently have 7 administrators which will eventually need access to one, multiple or all sites.

As of this moment we've been testing ZyXEL's full nebula product line using USG Flex 200 devices. Looking towards the future, we have recently obtained a USG Flex 500H as part of the last test we need to run before acceptance and company wide deployment.

If testing goes well, we are likely to deploy H Series devices to each of 18 or so locations. Needless to say I'd rather not have to login to each site to setup as many as 7 administrators on up to 18 individual devices. It'd be much better if this could all be managed via the nebula administrators interface.

Thanks!

Zyxel_Ivan

Hi @Ratsnackbar,

Thanks for the reply.

Let me bring this issue to the team and have an internal discussion.

Itwill take some time, but I'll keep you updated once we have a result.

Please send me any feedback you may have.

Thanks.

Ivan